Add Mithril Threat Model
page on website
#6369
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- 'main' | |
- 'hotfix**' | |
pull_request: | |
types: [ opened, reopened, synchronize ] | |
branches-ignore: | |
- 'hotfix**' # hotfix are handled by the push trigger | |
concurrency: | |
group: ci-build-test-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
build-ubuntu-X64: | |
runs-on: ubuntu-20.04 | |
outputs: | |
eras: ${{ steps.eras-test-lab.outputs.eras }} | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
- name: Install stable toolchain, tools, and restore cache | |
uses: ./.github/workflows/actions/toolchain-and-cache | |
with: | |
cache-version: 20.04-${{ secrets.CACHE_VERSION }} | |
cargo-tools: cargo-deb | |
# We separate the build in 2 steps as we want to avoid side effects with Rust feature unification. | |
- name: Cargo build - Tooling | |
shell: bash | |
run: cargo build --release --bin mithril-end-to-end --bin load-aggregator | |
- name: Build Mithril workspace & publish artifacts | |
uses: ./.github/workflows/actions/build-upload-mithril-artifact | |
with: | |
binaries-build-args: --bin mithril-aggregator --bin mithril-signer --bin mithril-client --bin mithril-relay --features bundle_openssl,full | |
libraries-build-args: --package mithril-stm --package mithril-client --features full,unstable | |
- name: Build Debian packages | |
shell: bash | |
run: | | |
cargo deb --no-build --package mithril-aggregator | |
cargo deb --no-build --package mithril-signer | |
cargo deb --no-build --package mithril-client-cli | |
cargo deb --no-build --package mithril-relay | |
- name: Publish Debian packages | |
uses: actions/upload-artifact@v4 | |
with: | |
name: mithril-deb-packages-${{ runner.os }}-${{ runner.arch }} | |
path: target/debian/*.deb | |
if-no-files-found: error | |
- name: Publish End-to-end runner (${{ runner.os }}-${{ runner.arch }}) | |
uses: actions/upload-artifact@v4 | |
with: | |
name: mithril-tooling-${{ runner.os }}-${{ runner.arch }} | |
path: | | |
target/release/mithril-end-to-end | |
target/release/load-aggregator | |
if-no-files-found: error | |
- name: Prepare test lab eras | |
id: eras-test-lab | |
run: | | |
ERAS=$(./target/release/mithril-aggregator era list --json) | |
echo "Test Lab Eras: $ERAS" | |
echo "eras=$ERAS" >> $GITHUB_OUTPUT | |
build: | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ macos-12, macos-14, windows-latest ] | |
include: | |
# Only build client on windows & mac | |
- os: macos-12 | |
binaries-build-args: --bin mithril-client --features bundle_openssl | |
libraries-build-args: --package mithril-stm --package mithril-client --features full,unstable | |
- os: macos-14 | |
binaries-build-args: --bin mithril-client --features bundle_openssl | |
libraries-build-args: --package mithril-stm --package mithril-client --features full,unstable | |
- os: windows-latest | |
# Use `--bins --package <package>` instead of `--bin <package>`, otherwise the 'windows' compatibility | |
# hack in mithril common cargo.toml doesn't apply (we have no idea why). | |
binaries-build-args: --bins --package mithril-client-cli --features bundle_openssl | |
libraries-build-args: --package mithril-stm --package mithril-client --no-default-features --features num-integer-backend,full,unstable | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
- name: Install stable toolchain and restore cache | |
uses: ./.github/workflows/actions/toolchain-and-cache | |
with: | |
cache-version: ${{ secrets.CACHE_VERSION }} | |
- name: Build Mithril workspace & publish artifacts | |
uses: ./.github/workflows/actions/build-upload-mithril-artifact | |
with: | |
binaries-build-args: ${{ matrix.binaries-build-args }} | |
libraries-build-args: ${{ matrix.libraries-build-args }} | |
common-build-args: ${{ matrix.common-build-args }} | |
build-test-wasm: | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
- name: Install stable toolchain, tools, and restore cache | |
uses: ./.github/workflows/actions/toolchain-and-cache | |
with: | |
cache-version: ${{ secrets.CACHE_VERSION }}-wasm | |
cargo-tools: wasm-pack | |
- name: Build 'mithril-client-wasm' library | |
shell: bash | |
run: | | |
cp LICENSE ./mithril-client-wasm/ | |
wasm-pack build mithril-client-wasm --release --target web --out-dir ./pkg --scope mithril-dev --out-name index | |
- name: Prepare 'mithril-client-wasm' package | |
shell: bash | |
run: | | |
cp LICENSE ./mithril-client-wasm/ | |
wasm-pack pack mithril-client-wasm/pkg | |
- name: Build a fake aggregator | |
shell: bash | |
run: cargo build -p mithril-aggregator-fake | |
- name: Start a fake aggregator | |
shell: bash | |
run: cargo run -p mithril-aggregator-fake -- -p 8000 & | |
- name: Test 'mithril-client-wasm' - Chrome | |
shell: bash | |
run: | | |
wasm-pack test --headless --chrome mithril-client-wasm --release | |
- name: Test 'mithril-client-wasm' - Firefox | |
shell: bash | |
run: | | |
wasm-pack test --headless --firefox mithril-client-wasm --release | |
- name: Test 'mithril-client-wasm' - NodeJS | |
shell: bash | |
run: | | |
wasm-pack test --node mithril-client-wasm --release | |
- name: Publish Mithril Distribution (WASM) | |
uses: actions/upload-artifact@v4 | |
with: | |
name: mithril-distribution-wasm | |
path: | | |
mithril-client-wasm/**/*-mithril-client-wasm-*.tgz | |
if-no-files-found: error | |
test: | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ ubuntu-22.04, macos-12, macos-14, windows-latest ] | |
include: | |
- os: ubuntu-22.04 | |
test-args: --features full,unstable --workspace | |
# Only test client on windows & mac (since its the only binaries supported for those os for now) | |
- os: macos-12 | |
test-args: --package mithril-client --package mithril-client-cli --features full,unstable | |
- os: macos-14 | |
test-args: --package mithril-client --package mithril-client-cli --features full,unstable | |
- os: windows-latest | |
test-args: --package mithril-client --package mithril-client-cli --features full,unstable | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
- name: Install stable toolchain, tools, and restore cache | |
uses: ./.github/workflows/actions/toolchain-and-cache | |
with: | |
cache-version: ${{ secrets.CACHE_VERSION }} | |
cargo-tools: cargo-nextest | |
- name: Build tests | |
run: cargo nextest run --no-run ${{ matrix.test-args }} | |
- name: Run tests | |
run: cargo nextest run --profile ci ${{ matrix.test-args }} | |
- name: Run doc tests | |
run: cargo test --doc ${{ matrix.test-args }} | |
- name: Ensure examples build | |
run: cargo build --examples ${{ matrix.test-args }} | |
- name: Rename junit file to include runner info | |
shell: bash | |
if: success() || failure() | |
run: | | |
mv target/nextest/ci/tests-result.junit.xml test-results${{ matrix.artifact-suffix }}-${{ runner.os }}-${{ runner.arch }}.xml | |
- name: Upload Tests Results | |
uses: actions/upload-artifact@v4 | |
if: success() || failure() | |
with: | |
name: test-results-${{ runner.os }}-${{ runner.arch }} | |
path: ./test-results-*.xml | |
check: | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
- name: Install stable toolchain, tools, and restore cache | |
uses: ./.github/workflows/actions/toolchain-and-cache | |
with: | |
cache-version: ${{ secrets.CACHE_VERSION }} | |
cargo-tools: cargo-sort clippy-sarif sarif-fmt | |
- name: Clippy Check | |
if: success() || failure() | |
run: | | |
cargo clippy \ | |
--all-features --all-targets --no-deps --message-format=json \ | |
| clippy-sarif | tee rust-clippy-results.sarif | sarif-fmt | |
# Make this step fail if any warning has been found | |
if [[ $(cat rust-clippy-results.sarif | jq '.runs[0].results') != "[]" ]]; then | |
false | |
fi | |
- name: Upload clippy analysis results to GitHub | |
if: success() || failure() | |
uses: github/codeql-action/upload-sarif@v3 | |
with: | |
sarif_file: rust-clippy-results.sarif | |
wait-for-processing: true | |
- name: Cargo fmt | |
if: success() || failure() | |
shell: bash | |
run: cargo fmt --check | |
- name: Cargo sort | |
if: success() || failure() | |
shell: bash | |
run: cargo sort -w -c | |
- name: Dependency & Vulnerabilities Review | |
if: github.event_name == 'pull_request' | |
uses: actions/dependency-review-action@v4 | |
with: | |
base-ref: ${{ github.event.pull_request.base.sha || 'main' }} | |
head-ref: ${{ github.event.pull_request.head.sha || github.ref }} | |
- name: Check networks.json validity | |
if: success() || failure() | |
run: jq . networks.json | |
e2e: | |
runs-on: ubuntu-22.04 | |
needs: [ build-ubuntu-X64 ] | |
strategy: | |
fail-fast: false | |
matrix: | |
mode: [ "std" ] | |
era: ${{ fromJSON(needs.build-ubuntu-X64.outputs.eras) }} | |
cardano_node_version: [ "8.7.3", "8.9.0", "8.11.0-pre" ] | |
hard_fork_latest_era_at_epoch: [ 0,10,100 ] | |
run_id: [ "#1" ] | |
extra_args: [ "" ] | |
include: | |
# Include a test for `8.1.2` which is not concerned by the hard fork | |
- mode: "std" | |
era: ${{ fromJSON(needs.build-ubuntu-X64.outputs.eras)[0] }} | |
cardano_node_version: "8.1.2" | |
hard_fork_latest_era_at_epoch: 100 | |
run_id: "#1" | |
extra_args: "" | |
# Include a test for the P2P mode | |
- mode: "p2p" | |
era: ${{ fromJSON(needs.build-ubuntu-X64.outputs.eras)[0] }} | |
cardano_node_version: "8.7.3" | |
hard_fork_latest_era_at_epoch: 100 | |
run_id: "#1" | |
extra_args: "--use-p2p-network" | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
- name: Download binaries | |
uses: actions/download-artifact@v4 | |
with: | |
name: mithril-distribution-${{ runner.os }}-${{ runner.arch }} | |
path: ./bin | |
- name: Download rust test runner | |
uses: actions/download-artifact@v4 | |
with: | |
name: mithril-tooling-${{ runner.os }}-${{ runner.arch }} | |
path: ./ | |
- run: | | |
chmod +x ./bin/mithril-aggregator | |
chmod +x ./bin/mithril-client | |
chmod +x ./bin/mithril-signer | |
chmod +x ./bin/mithril-relay | |
chmod +x ./mithril-end-to-end | |
mkdir artifacts | |
- name: Test | |
run: | | |
./mithril-end-to-end -vvv \ | |
--bin-directory ./bin \ | |
--work-directory=./artifacts \ | |
--devnet-scripts-directory=./mithril-test-lab/mithril-devnet \ | |
--mithril-era=${{ matrix.era }} \ | |
--cardano-node-version ${{ matrix.cardano_node_version }} \ | |
--cardano-hard-fork-latest-era-at-epoch ${{ matrix.hard_fork_latest_era_at_epoch }} ${{ matrix.extra_args }} | |
- name: Upload E2E Tests Artifacts | |
if: ${{ failure() }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: mithril-e2e-tests-artifacts-run_${{ github.run_number }}-attempt_${{ github.run_attempt }}-mode_${{ matrix.mode }}-era_${{ matrix.era }}-cardano-${{ matrix.cardano_node_version }}-fork-${{ matrix.hard_fork_latest_era_at_epoch }}-run_id_${{ matrix.run_id }} | |
path: | | |
./artifacts/* | |
# including node.sock makes the upload fails so exclude them: | |
!./artifacts/**/node.sock | |
# exclude cardano tools, saving ~50mb of data: | |
!./artifacts/devnet/cardano-cli | |
!./artifacts/devnet/cardano-node | |
if-no-files-found: error | |
send-tests-results: | |
if: success() || failure() | |
runs-on: ubuntu-22.04 | |
needs: | |
- test | |
steps: | |
- name: Download Tests Results | |
if: success() || failure() | |
uses: actions/download-artifact@v4 | |
with: | |
pattern: test-results-* | |
merge-multiple: true | |
- name: Publish Unit Test Results | |
if: success() || failure() | |
uses: EnricoMi/publish-unit-test-result-action@v2 | |
with: | |
junit_files: ./**/test-results-*.xml | |
docker-mithril: | |
runs-on: ubuntu-22.04 | |
needs: | |
- build | |
- check | |
- test | |
- e2e | |
strategy: | |
fail-fast: false | |
matrix: | |
project: [ mithril-aggregator, mithril-client-cli, mithril-signer, mithril-relay ] | |
include: | |
- project: mithril-client-cli | |
package: mithril-client | |
permissions: | |
contents: read | |
packages: write | |
env: | |
PUSH_PACKAGES: ${{ github.event_name == 'push' && (github.ref == 'refs/heads/main' || startsWith('refs/heads/hotfix', github.ref)) }} | |
REGISTRY: ghcr.io | |
PACKAGE: ${{ github.repository_owner }}/${{ matrix.package != '' && matrix.package || matrix.project }} | |
DOCKER_FILE: ./${{ matrix.project }}/Dockerfile.ci | |
CONTEXT: . | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Log in to the Container registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Extract metadata (tags, labels) for Docker | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ env.REGISTRY }}/${{ env.PACKAGE }} | |
tags: | | |
unstable | |
type=raw,value=${{ github.base_ref || github.ref_name }}-{{sha}} | |
- name: Download built artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: mithril-distribution-${{ runner.os }}-${{ runner.arch }} | |
path: ${{ matrix.project }} | |
- name: Build and push Docker image | |
uses: docker/build-push-action@v5 | |
with: | |
context: ${{ env.CONTEXT }} | |
file: ${{ env.DOCKER_FILE }} | |
push: ${{ env.PUSH_PACKAGES }} | |
tags: ${{ steps.meta.outputs.tags }} | |
publish-crate-test: | |
strategy: | |
fail-fast: false | |
max-parallel: 1 | |
matrix: | |
package: [ mithril-stm, mithril-build-script, mithril-common, mithril-client ] | |
runs-on: ubuntu-22.04 | |
needs: | |
- build | |
- test | |
- e2e | |
- check | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
- name: Install stable toolchain | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: stable | |
- name: Publish package to crates.io | |
uses: ./.github/workflows/actions/publish-crate-package | |
with: | |
dry_run: "true" | |
package: ${{ matrix.package }} | |
publish-wasm-test: | |
strategy: | |
fail-fast: false | |
max-parallel: 1 | |
matrix: | |
package: [ mithril-client-wasm ] | |
include: | |
- package: mithril-client-wasm | |
scope: mithril-dev | |
tag: latest | |
access: public | |
api_token_secret_name: NPM_API_TOKEN_MITHRIL_CLIENT_WASM | |
runs-on: ubuntu-22.04 | |
needs: | |
- build-test-wasm | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
- name: Install stable toolchain, tools, and restore cache | |
uses: ./.github/workflows/actions/toolchain-and-cache | |
with: | |
cache-version: ${{ secrets.CACHE_VERSION }}-wasm | |
cargo-tools: wasm-pack | |
- name: Publish package to npm | |
uses: ./.github/workflows/actions/publish-npm-package | |
with: | |
dry_run: "true" | |
package: ${{ matrix.package }} | |
scope: ${{ matrix.scope }} | |
access: ${{ matrix.access }} | |
api_token: ${{ secrets[matrix.api_token_secret_name] }} | |
unstable-release: | |
if: vars.PUBLISH_UNSTABLE_RELEASE_IN_CI == 'true' && github.event_name == 'push' && (github.ref == 'refs/heads/main' || startsWith('refs/heads/hotfix', github.ref)) | |
runs-on: ubuntu-22.04 | |
needs: | |
- build | |
- build-test-wasm | |
- test | |
- e2e | |
- check | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
- name: Prepare packaging | |
run: mkdir package | |
- name: Get short SHA | |
id: slug | |
run: echo "sha8=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT | |
- name: Download built artifacts (Linux-X64) | |
uses: actions/download-artifact@v4 | |
with: | |
name: mithril-distribution-Linux-X64 | |
path: ./package-Linux-X64 | |
- name: Download Debian packages (Linux-X64) | |
uses: actions/download-artifact@v4 | |
with: | |
name: mithril-deb-packages-Linux-X64 | |
path: ./package | |
- name: Download built artifacts (macOS-X64) | |
uses: actions/download-artifact@v4 | |
with: | |
name: mithril-distribution-macOS-X64 | |
path: ./package-macOS-X64 | |
- name: Download built artifacts (macOS-ARM64) | |
uses: actions/download-artifact@v4 | |
with: | |
name: mithril-distribution-macOS-ARM64 | |
path: ./package-macOS-ARM64 | |
- name: Download built artifacts (Windows-X64) | |
uses: actions/download-artifact@v4 | |
with: | |
name: mithril-distribution-Windows-X64 | |
path: ./package-Windows-X64 | |
- name: Prepare distribution package | |
uses: ./.github/workflows/actions/prepare-distribution | |
with: | |
version-name: unstable-${{ steps.slug.outputs.sha8 }} | |
download-url-base: ${{ github.server_url }}/${{ github.repository }}/releases/download/unstable | |
gpg-secret-key: ${{ secrets.GPG_SECRET_KEY }} | |
compatibility-table: '{ "release-mainnet": "⛔", "release-preprod": "⛔", "pre-release-preview": "⛔", "testing-preview": "✔", "testing-sanchonet": "✔" }' | |
- name: Update unstable release | |
uses: marvinpinto/action-automatic-releases@latest | |
with: | |
repo_token: ${{ secrets.GITHUB_TOKEN }} | |
automatic_release_tag: unstable | |
prerelease: true | |
title: Unstable Development Builds | |
files: package/* | |
- name: Update unstable release body with release notes addon | |
# specific version since this action does not support giving only the major number | |
uses: tubone24/update_release@v1.3.1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
TAG_NAME: unstable | |
with: | |
is_append_body: true | |
body_path: ./release-notes-addon.txt | |
deploy-testing: | |
if: vars.DEPLOY_NETWORKS_IN_CI == 'true' && (github.event_name == 'push' || github.event_name == 'pull_request') | |
strategy: | |
fail-fast: false | |
matrix: | |
environment: [ testing-preview, testing-sanchonet ] | |
include: | |
- environment: testing-preview | |
environment_prefix: testing | |
cardano_network: preview | |
mithril_use_p2p_network: false | |
mithril_api_domain: api.mithril.network | |
mithril_protocol_parameters: | | |
{ | |
k = 2422 | |
m = 20973 | |
phi_f = 0.2 | |
} | |
mithril_signers: | | |
{ | |
"1" = { | |
type = "verified", | |
pool_id = "", | |
}, | |
"2" = { | |
type = "verified", | |
pool_id = "", | |
}, | |
"3" = { | |
type = "verified", | |
pool_id = "", | |
}, | |
} | |
terraform_backend_bucket: hydra-terraform-admin | |
google_region: europe-west1 | |
google_zone: europe-west1-b | |
google_machine_type: e2-highmem-8 | |
google_compute_instance_boot_disk_size: 200 | |
google_compute_instance_data_disk_size: 250 | |
- environment: testing-sanchonet | |
environment_prefix: testing | |
cardano_network: sanchonet | |
mithril_use_p2p_network: false | |
mithril_api_domain: api.mithril.network | |
mithril_protocol_parameters: | | |
{ | |
k = 5 | |
m = 100 | |
phi_f = 0.65 | |
} | |
mithril_signers: | | |
{ | |
"1" = { | |
type = "verified", | |
pool_id = "", | |
}, | |
} | |
terraform_backend_bucket: hydra-terraform-admin | |
google_region: europe-west1 | |
google_zone: europe-west1-b | |
google_machine_type: e2-highmem-4 | |
google_compute_instance_boot_disk_size: 200 | |
google_compute_instance_data_disk_size: 250 | |
environment: ${{ matrix.environment }} | |
runs-on: ubuntu-22.04 | |
needs: | |
- docker-mithril | |
defaults: | |
run: | |
working-directory: mithril-infra | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
- name: Get Docker image id | |
run: echo "DOCKER_IMAGE_ID=${{ github.base_ref || github.ref_name }}-$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_ENV | |
- name: ${{ env.DEPLOY == 'true' && 'Apply' || 'Plan' }} terraform infrastructure | |
uses: ./.github/workflows/actions/deploy-terraform-infrastructure | |
env: | |
DEPLOY: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} | |
with: | |
dry_run: ${{ env.DEPLOY == 'true' && 'false' || 'true' }} | |
terraform_backend_bucket: ${{ matrix.terraform_backend_bucket }} | |
environment_prefix: ${{ matrix.environment_prefix }} | |
environment: ${{ matrix.environment }} | |
cardano_network: ${{ matrix.cardano_network }} | |
cardano_node_version: ${{ vars.CARDANO_NODE_VERSION }} | |
cardano_node_docker_registry: ${{ vars.CARDANO_NODE_DOCKER_REGISTRY }} | |
google_region: ${{ matrix.google_region }} | |
google_zone: ${{ matrix.google_zone }} | |
google_machine_type: ${{ matrix.google_machine_type }} | |
google_compute_instance_boot_disk_size: ${{ matrix.google_compute_instance_boot_disk_size }} | |
google_compute_instance_data_disk_size: ${{ matrix.google_compute_instance_data_disk_size }} | |
google_application_credentials: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }} | |
mithril_use_p2p_network: ${{ matrix.mithril_use_p2p_network }} | |
mithril_api_domain: ${{ matrix.mithril_api_domain }} | |
mithril_image_id: ${{ env.DOCKER_IMAGE_ID }} | |
mithril_protocol_parameters: ${{ toJSON(matrix.mithril_protocol_parameters) }} | |
mithril_signers: ${{ toJSON(matrix.mithril_signers) }} | |
mithril_genesis_secret_key: ${{ secrets.GENESIS_SECRET_KEY }} | |
mithril_genesis_verification_key_url: ${{ vars.GENESIS_VERIFICATION_KEY_URL }} | |
mithril_era_reader_address_url: ${{ vars.ERA_READER_ADDRESS_URL }} | |
mithril_era_reader_verification_key_url: ${{ vars.ERA_READER_VERIFICATION_KEY_URL }} | |
mithril_era_reader_secret_key: ${{ secrets.ERA_READER_SECRET_KEY }} | |
mithril_aggregator_signed_entity_types: ${{ vars.AGGREGATOR_SIGNED_ENTITY_TYPES }} | |
mithril_aggregator_cdn_cname: ${{ vars.AGGREGATOR_CDN_CNAME }} | |
mithril_aggregator_snapshot_use_cdn_domain: ${{ vars.AGGREGATOR_USE_CDN_DOMAIN }} | |
mithril_aggregator_snapshot_compression_algorithm: ${{ vars.AGGREGATOR_SNAPSHOT_COMPRESSION_ALGORITHM }} | |
mithril_aggregator_zstandard_parameters_level: ${{ vars.AGGREGATOR_SNAPSHOT_ZSTANDARD_LEVEL }} | |
mithril_aggregator_zstandard_parameters_workers: ${{ vars.AGGREGATOR_SNAPSHOT_ZSTANDARD_WORKERS }} | |
mithril_aggregator_cexplorer_pools_url: ${{ vars.AGGREGATOR_CEXPLORER_POOLS_URL }} | |
mithril_aggregator_allow_unparsable_block: ${{ vars.AGGREGATOR_ALLOW_UNPARSABLE_BLOCK }} | |
mithril_aggregator_cardano_transactions_prover_cache_pool_size: ${{ vars.AGGREGATOR_CARDANO_TRANSACTIONS_PROVER_CACHE_POOL_SIZE }} | |
prometheus_auth_username: ${{ secrets.PROMETHEUS_AUTH_USERNAME }} | |
prometheus_auth_password: ${{ secrets.PROMETHEUS_AUTH_PASSWORD }} | |
prometheus_ingest_host: ${{ vars.PROMETHEUS_INGEST_HOST }} | |
prometheus_ingest_username: ${{ secrets.PROMETHEUS_INGEST_USERNAME }} | |
prometheus_ingest_password: ${{ secrets.PROMETHEUS_INGEST_PASSWORD }} | |
loki_auth_username: ${{ secrets.LOKI_AUTH_USERNAME }} | |
loki_auth_password: ${{ secrets.LOKI_AUTH_PASSWORD }} | |
loki_ingest_host: ${{ vars.LOKI_INGEST_HOST }} | |
loki_ingest_username: ${{ secrets.LOKI_INGEST_USERNAME }} | |
loki_ingest_password: ${{ secrets.LOKI_INGEST_PASSWORD }} | |
cargo-doc: | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
- name: Install stable toolchain and restore cache | |
uses: ./.github/workflows/actions/toolchain-and-cache | |
with: | |
cache-version: ${{ secrets.CACHE_VERSION }} | |
cargo-tools: clippy-sarif sarif-fmt | |
- name: Generate cargo doc | |
run: | | |
# Force `--lib` to avoid a collision between the client lib and the client cli binary who share | |
# the same name (we only want to document those anyway) | |
cargo doc --no-deps --lib -p mithril-stm -p mithril-common -p mithril-persistence \ | |
-p mithril-build-script -p mithril-doc -p mithril-doc-derive \ | |
-p mithril-aggregator -p mithril-signer -p mithril-client -p mithril-client-cli \ | |
--all-features --message-format=json \ | |
| clippy-sarif | tee rust-cargo-doc-results.sarif | sarif-fmt | |
# Update tool sarif metadata from "clippy" to "cargo-doc" (since it's set this way by clippy-sarif) | |
contents=$(cat rust-cargo-doc-results.sarif \ | |
| jq '.runs[].tool.driver.name = "cargo-doc"' \ | |
| jq '.runs[].tool.driver.informationUri = "https://doc.rust-lang.org/cargo/commands/cargo-doc.html"' \ | |
) | |
echo -E "${contents}" > rust-cargo-doc-results.sarif | |
# Make this step fail if any warning has been found | |
if [[ $(cat rust-cargo-doc-results.sarif | jq '.runs[0].results') != "[]" ]]; then | |
false | |
fi | |
- name: Upload cargo-doc results to GitHub | |
if: success() || failure() | |
uses: github/codeql-action/upload-sarif@v3 | |
with: | |
sarif_file: rust-cargo-doc-results.sarif | |
wait-for-processing: true | |
- name: Publish Mithril-rust-doc | |
uses: actions/upload-artifact@v4 | |
with: | |
name: mithril-rust-doc | |
if-no-files-found: error | |
path: | | |
target/doc/ | |
build-docusaurus: | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
- name: Setup Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
cache: 'npm' | |
cache-dependency-path: docs/website/package-lock.json | |
- name: Install dependencies | |
working-directory: docs/website | |
run: npm ci | |
- name: Build Docusaurus site | |
working-directory: docs/website | |
run: | | |
npm run build | |
- name: Publish Docusaurus build | |
uses: actions/upload-artifact@v4 | |
with: | |
name: docusaurus-build | |
if-no-files-found: error | |
path: | | |
docs/website/build/* | |
build-test-explorer: | |
runs-on: ubuntu-22.04 | |
needs: build-test-wasm | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
- name: Download built artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: mithril-distribution-wasm | |
path: mithril-client-wasm | |
- name: Unpack 'mithril-client-wasm' package | |
working-directory: mithril-client-wasm | |
run: | |
tar -xvzf pkg/*.tgz -C pkg/ && mv pkg/package/* pkg/ | |
- name: Setup Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
cache: 'npm' | |
cache-dependency-path: mithril-explorer/package-lock.json | |
- name: Install dependencies | |
working-directory: mithril-explorer | |
run: npm ci | |
- name: Test explorer | |
working-directory: mithril-explorer | |
run: make test | |
- name: Check explorer | |
working-directory: mithril-explorer | |
run: make lint | |
- name: Build Explorer | |
working-directory: mithril-explorer | |
run: make build | |
- name: Publish Explorer build | |
uses: actions/upload-artifact@v4 | |
with: | |
name: explorer-build | |
if-no-files-found: error | |
path: | | |
mithril-explorer/out/* | |
build-open-api-ui: | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
- name: Build OpenAPI UI | |
uses: Legion2/swagger-ui-action@v1 | |
with: | |
output: out/ | |
spec-file: ./openapi.yaml | |
- name: Publish OpenAPI UI build | |
uses: actions/upload-artifact@v4 | |
with: | |
name: openapi-ui-build | |
if-no-files-found: error | |
path: | | |
out/* | |
publish-docs: | |
if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
runs-on: ubuntu-22.04 | |
needs: | |
- cargo-doc | |
- build-docusaurus | |
- build-test-explorer | |
- build-open-api-ui | |
steps: | |
- name: Download mithril-rust-doc artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: mithril-rust-doc | |
path: ./github-pages/rust-doc | |
- name: Download Docusaurus build | |
uses: actions/download-artifact@v4 | |
with: | |
name: docusaurus-build | |
path: ./github-pages/doc | |
- name: Download Explorer build | |
uses: actions/download-artifact@v4 | |
with: | |
name: explorer-build | |
path: ./github-pages/explorer | |
- name: Download OpenAPI UI build | |
uses: actions/download-artifact@v4 | |
with: | |
name: openapi-ui-build | |
path: ./github-pages/openapi-ui | |
- name: Add CNAME & Redirect | |
run: | | |
echo "mithril.network" > ./github-pages/CNAME | |
echo '<!DOCTYPE html><html><head><meta http-equiv="Refresh" content="0; URL=https://mithril.network/doc"></head></html>' > ./github-pages/index.html | |
- name: Mithril / Publish GitHub Pages | |
uses: peaceiris/actions-gh-pages@v3 | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN || github.token }} | |
publish_dir: ./github-pages | |
force_orphan: true |